
Example 1 with Site2SiteCustomerGatewayVO

use of com.cloud.network.dao.Site2SiteCustomerGatewayVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method searchForCustomerGateways.

/**
 * Returns one page of Site-to-Site VPN customer gateways, scoped by the account manager's ACL helpers.
 *
 * <p>The domain, recursion flag and project criteria requested by the caller are handed to
 * {@code _accountMgr.buildACLSearchParameters}, and the values it writes back are the ones used for
 * the query. The ACL helpers are applied to both the search builder and the search criteria; the
 * optional {@code id} filter is added on top of that scope, not instead of it.
 *
 * @param cmd list command carrying the optional id, domain, account, project and paging values
 * @return the matching gateways together with the count reported by {@code searchAndCount}
 */
@Override
public Pair<List<? extends Site2SiteCustomerGateway>, Integer> searchForCustomerGateways(ListVpnCustomerGatewaysCmd cmd) {
    Long gatewayId = cmd.getId();
    Long requestedDomainId = cmd.getDomainId();
    boolean requestedRecursive = cmd.isRecursive();
    String accountName = cmd.getAccountName();
    boolean listAll = cmd.listAll();
    long pageStart = cmd.getStartIndex();
    long pageSize = cmd.getPageSizeVal();
    Account caller = CallContext.current().getCallingAccount();

    // In/out holder: buildACLSearchParameters fills permittedAccounts and rewrites the ternary.
    List<Long> permittedAccounts = new ArrayList<Long>();
    Ternary<Long, Boolean, ListProjectResourcesCriteria> aclScope =
        new Ternary<Long, Boolean, ListProjectResourcesCriteria>(requestedDomainId, requestedRecursive, null);
    _accountMgr.buildACLSearchParameters(caller, gatewayId, accountName, cmd.getProjectId(), permittedAccounts, aclScope, listAll, false);

    // From here on only the values resolved by the account manager are used, never the raw request values.
    Long scopedDomainId = aclScope.first();
    boolean scopedRecursive = aclScope.second();
    ListProjectResourcesCriteria projectCriteria = aclScope.third();

    Filter pageFilter = new Filter(Site2SiteCustomerGatewayVO.class, "id", false, pageStart, pageSize);

    SearchBuilder<Site2SiteCustomerGatewayVO> builder = _customerGatewayDao.createSearchBuilder();
    _accountMgr.buildACLSearchBuilder(builder, scopedDomainId, scopedRecursive, permittedAccounts, projectCriteria);
    builder.and("id", builder.entity().getId(), SearchCriteria.Op.EQ);

    SearchCriteria<Site2SiteCustomerGatewayVO> criteria = builder.create();
    _accountMgr.buildACLSearchCriteria(criteria, scopedDomainId, scopedRecursive, permittedAccounts, projectCriteria);
    if (gatewayId != null) {
        criteria.addAnd("id", SearchCriteria.Op.EQ, gatewayId);
    }

    Pair<List<Site2SiteCustomerGatewayVO>, Integer> page = _customerGatewayDao.searchAndCount(criteria, pageFilter);
    return new Pair<List<? extends Site2SiteCustomerGateway>, Integer>(page.first(), page.second());
}
Also used : Account(com.cloud.user.Account) Ternary(com.cloud.utils.Ternary) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) ArrayList(java.util.ArrayList) ListProjectResourcesCriteria(com.cloud.projects.Project.ListProjectResourcesCriteria) Filter(com.cloud.utils.db.Filter) List(java.util.List) ArrayList(java.util.ArrayList) Pair(com.cloud.utils.Pair)

Example 2 with Site2SiteCustomerGatewayVO

use of com.cloud.network.dao.Site2SiteCustomerGatewayVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method createVpnConnection.

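/**
 * Creates a Site-to-Site VPN connection between a VPN gateway and a customer gateway and persists
 * it in the {@code Pending} state.
 *
 * <p>Authorization: {@code checkAccess} is called for the caller against the connection owner, the
 * customer gateway and the VPN gateway, each before that object is used any further. Both gateways
 * must then share the same account and domain.
 *
 * <p>Validation: the pair must not already be connected, none of the customer gateway's remote
 * CIDRs may overlap the VPC CIDR or the remote CIDRs of connections already attached to the VPN
 * gateway, and the gateway must be below {@code _connLimit} connections.
 *
 * @param cmd command carrying the owner, both gateway ids, the passive flag and the display flag
 * @return the persisted connection
 * @throws InvalidParameterValueException if a gateway is missing, the gateways belong to different
 *         accounts, the connection already exists, a CIDR overlaps, or the connection limit is reached
 * @throws NetworkRuleConflictException declared by the signature; not thrown directly in this body
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CONNECTION_CREATE, eventDescription = "creating s2s vpn connection", create = true)
public Site2SiteVpnConnection createVpnConnection(CreateVpnConnectionCmd cmd) throws NetworkRuleConflictException {
    Account caller = CallContext.current().getCallingAccount();
    Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
    //Verify that caller can perform actions in behalf of vpc owner
    _accountMgr.checkAccess(caller, null, false, owner);
    Long customerGatewayId = cmd.getCustomerGatewayId();
    Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(customerGatewayId);
    if (customerGateway == null) {
        throw new InvalidParameterValueException("Unable to found specified Site to Site VPN customer gateway " + customerGatewayId + " !");
    }
    _accountMgr.checkAccess(caller, null, false, customerGateway);
    Long vpnGatewayId = cmd.getVpnGatewayId();
    Site2SiteVpnGateway vpnGateway = _vpnGatewayDao.findById(vpnGatewayId);
    if (vpnGateway == null) {
        throw new InvalidParameterValueException("Unable to found specified Site to Site VPN gateway " + vpnGatewayId + " !");
    }
    _accountMgr.checkAccess(caller, null, false, vpnGateway);
    // Both ends must live in the same tenant; this compares the gateways with each other only.
    if (customerGateway.getAccountId() != vpnGateway.getAccountId() || customerGateway.getDomainId() != vpnGateway.getDomainId()) {
        throw new InvalidParameterValueException("VPN connection can only be esitablished between same account's VPN gateway and customer gateway!");
    }
    if (_vpnConnectionDao.findByVpnGatewayIdAndCustomerGatewayId(vpnGatewayId, customerGatewayId) != null) {
        throw new InvalidParameterValueException("The vpn connection with customer gateway id " + customerGatewayId + " and vpn gateway id " + vpnGatewayId + " already existed!");
    }
    String[] cidrList = customerGateway.getGuestCidrList().split(",");
    // Remote sub nets cannot overlap VPC's sub net
    // NOTE(review): findById may return null for a VPC that no longer exists; that would surface
    // here as a NullPointerException rather than a parameter error -- confirm the VPC is guaranteed.
    String vpcCidr = _vpcDao.findById(vpnGateway.getVpcId()).getCidr();
    for (String cidr : cidrList) {
        if (NetUtils.isNetworksOverlap(vpcCidr, cidr)) {
            throw new InvalidParameterValueException("The subnets of customer gateway " + customerGatewayId + "'s subnet " + cidr + " is overlapped with VPC cidr " + vpcCidr + "!");
        }
    }
    // We also need to check if the new connection's remote CIDR is overlapped with existed connections
    List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByVpnGatewayId(vpnGatewayId);
    if (conns.size() >= _connLimit) {
        throw new InvalidParameterValueException("There are too many VPN connections with current VPN gateway! The limit is " + _connLimit);
    }
    for (Site2SiteVpnConnectionVO vc : conns) {
        if (vc == null) {
            continue;
        }
        Site2SiteCustomerGatewayVO gw = _customerGatewayDao.findById(vc.getCustomerGatewayId());
        // A connection whose customer gateway row can no longer be loaded (or has no CIDR list)
        // contributes no subnet to compare against; skip it instead of failing the whole request
        // with a NullPointerException.
        if (gw == null || gw.getGuestCidrList() == null) {
            continue;
        }
        String[] oldCidrList = gw.getGuestCidrList().split(",");
        for (String oldCidr : oldCidrList) {
            for (String cidr : cidrList) {
                if (NetUtils.isNetworksOverlap(cidr, oldCidr)) {
                    throw new InvalidParameterValueException("The new connection's remote subnet " + cidr + " is overlapped with existed VPN connection to customer gateway " + gw.getName() + "'s subnet " + oldCidr);
                }
            }
        }
    }
    // NOTE(review): the connection is recorded under owner's account and domain, while the
    // same-account check above compares only the two gateways; nothing in this method compares
    // owner with them directly -- confirm the checkAccess calls make that equivalent.
    Site2SiteVpnConnectionVO conn = new Site2SiteVpnConnectionVO(owner.getAccountId(), owner.getDomainId(), vpnGatewayId, customerGatewayId, cmd.isPassive());
    conn.setState(State.Pending);
    if (cmd.getDisplay() != null) {
        conn.setDisplay(cmd.getDisplay());
    }
    _vpnConnectionDao.persist(conn);
    return conn;
}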
Also used : Account(com.cloud.user.Account) Site2SiteVpnGateway(com.cloud.network.Site2SiteVpnGateway) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) Site2SiteCustomerGateway(com.cloud.network.Site2SiteCustomerGateway) ActionEvent(com.cloud.event.ActionEvent)

Example 3 with Site2SiteCustomerGatewayVO

use of com.cloud.network.dao.Site2SiteCustomerGatewayVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method updateCustomerGateway.

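/**
 * Updates an existing Site-to-Site VPN customer gateway with the values carried by the command.
 *
 * <p>The caller must pass {@code checkAccess} for the gateway, and the update is refused while any
 * connection using the gateway is in a state other than {@code Error}.
 *
 * <p>Optional values that the command leaves unset are replaced by defaults and written to the
 * gateway (name {@code "VPN-" + gatewayIp}, IKE lifetime 86400 s, ESP lifetime 3600 s, DPD and
 * encapsulation {@code false}); they are not kept at their previously stored values.
 *
 * @param cmd command carrying the gateway id and the new settings
 * @return the updated, persisted gateway
 * @throws InvalidParameterValueException if the gateway does not exist, has connections in a
 *         non-Error state, a value fails validation, or the IP or name collides with another
 *         gateway of the same account
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE, eventDescription = "update s2s vpn customer gateway", create = true)
public Site2SiteCustomerGateway updateCustomerGateway(UpdateVpnCustomerGatewayCmd cmd) {
    CallContext.current().setEventDetails(" Id: " + cmd.getId());
    Account caller = CallContext.current().getCallingAccount();
    Long id = cmd.getId();
    Site2SiteCustomerGatewayVO gw = _customerGatewayDao.findById(id);
    if (gw == null) {
        throw new InvalidParameterValueException("Find to find customer gateway with id " + id);
    }
    // Authorization comes before any of the new values are read or validated.
    _accountMgr.checkAccess(caller, null, false, gw);
    List<Site2SiteVpnConnectionVO> conns = _vpnConnectionDao.listByCustomerGatewayId(id);
    if (conns != null) {
        for (Site2SiteVpnConnection conn : conns) {
            if (conn.getState() != State.Error) {
                throw new InvalidParameterValueException("Unable to update customer gateway with connections in non-Error state!");
            }
        }
    }
    String name = cmd.getName();
    String gatewayIp = cmd.getGatewayIp();
    if (!NetUtils.isValidIp(gatewayIp)) {
        throw new InvalidParameterValueException("The customer gateway ip " + gatewayIp + " is invalid!");
    }
    if (name == null) {
        name = "VPN-" + gatewayIp;
    }
    // NOTE(review): createCustomerGateway validates the same field with NetUtils.isValidCidrList;
    // confirm the two validators are meant to differ.
    String guestCidrList = cmd.getGuestCidrList();
    if (!NetUtils.validateGuestCidrList(guestCidrList)) {
        throw new InvalidParameterValueException("The customer gateway guest cidr list " + guestCidrList + " contains invalid guest cidr!");
    }
    // NOTE(review): the pre-shared key is stored exactly as received; no format or strength check
    // is visible in this method -- confirm it is validated before this call.
    String ipsecPsk = cmd.getIpsecPsk();
    String ikePolicy = cmd.getIkePolicy();
    String espPolicy = cmd.getEspPolicy();
    if (!NetUtils.isValidS2SVpnPolicy("ike", ikePolicy)) {
        // Space after "policy" added so the rejected value is not glued to the preceding word,
        // matching the message built by createCustomerGateway.
        throw new InvalidParameterValueException("The customer gateway IKE policy " + ikePolicy + " is invalid!  Verify the required Diffie Hellman (DH) group is specified.");
    }
    if (!NetUtils.isValidS2SVpnPolicy("esp", espPolicy)) {
        throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!");
    }
    Long ikeLifetime = cmd.getIkeLifetime();
    if (ikeLifetime == null) {
        // Default value of lifetime is 1 day
        ikeLifetime = (long) 86400;
    }
    // Only an upper bound (one day) is enforced here; zero or negative values pass this check.
    // TODO confirm they are rejected at the API layer.
    if (ikeLifetime > 86400) {
        throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!");
    }
    Long espLifetime = cmd.getEspLifetime();
    if (espLifetime == null) {
        // Default value of lifetime is 1 hour
        espLifetime = (long) 3600;
    }
    if (espLifetime > 86400) {
        throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!");
    }
    Boolean dpd = cmd.getDpd();
    if (dpd == null) {
        dpd = false;
    }
    Boolean encap = cmd.getEncap();
    if (encap == null) {
        encap = false;
    }
    checkCustomerGatewayCidrList(guestCidrList);
    // Uniqueness is scoped to the gateway's own account; a hit on the gateway being updated is not a conflict.
    long accountId = gw.getAccountId();
    Site2SiteCustomerGatewayVO existedGw = _customerGatewayDao.findByGatewayIpAndAccountId(gatewayIp, accountId);
    if (existedGw != null && existedGw.getId() != gw.getId()) {
        throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed in the system!");
    }
    existedGw = _customerGatewayDao.findByNameAndAccountId(name, accountId);
    if (existedGw != null && existedGw.getId() != gw.getId()) {
        throw new InvalidParameterValueException("The customer gateway with name " + name + " already existed!");
    }
    gw.setName(name);
    gw.setGatewayIp(gatewayIp);
    gw.setGuestCidrList(guestCidrList);
    gw.setIkePolicy(ikePolicy);
    gw.setEspPolicy(espPolicy);
    gw.setIpsecPsk(ipsecPsk);
    gw.setIkeLifetime(ikeLifetime);
    gw.setEspLifetime(espLifetime);
    gw.setDpd(dpd);
    gw.setEncap(encap);
    _customerGatewayDao.persist(gw);
    return gw;
}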
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) Site2SiteVpnConnectionVO(com.cloud.network.dao.Site2SiteVpnConnectionVO) Site2SiteVpnConnection(com.cloud.network.Site2SiteVpnConnection) ActionEvent(com.cloud.event.ActionEvent)

Example 4 with Site2SiteCustomerGatewayVO

use of com.cloud.network.dao.Site2SiteCustomerGatewayVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method createCustomerGateway.

/**
 * Registers a new Site-to-Site VPN customer gateway for the owner named by the command.
 *
 * <p>The caller must pass {@code checkAccess} for the owner account before any value is read.
 * The gateway IP, peer CIDR list, IKE policy and ESP policy are validated through {@code NetUtils};
 * lifetimes default to 86400 s (IKE) and 3600 s (ESP) and may not exceed 86400 s; DPD and
 * encapsulation default to {@code false}. The IP and the name must each be unused within the
 * owner's account.
 *
 * @param cmd command carrying the owner and the gateway settings
 * @return the persisted gateway
 * @throws InvalidParameterValueException if a value fails validation or the IP or name is already
 *         used by a gateway of the same account
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE, eventDescription = "creating s2s customer gateway", create = true)
public Site2SiteCustomerGateway createCustomerGateway(CreateVpnCustomerGatewayCmd cmd) {
    final long secondsPerDay = 86400L;
    final long secondsPerHour = 3600L;

    Account caller = CallContext.current().getCallingAccount();
    Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
    // The caller has to be allowed to act on behalf of the owner account.
    _accountMgr.checkAccess(caller, null, false, owner);

    String gatewayName = cmd.getName();
    String gatewayIp = cmd.getGatewayIp();
    if (!NetUtils.isValidIp(gatewayIp)) {
        throw new InvalidParameterValueException("The customer gateway ip " + gatewayIp + " is invalid!");
    }
    if (gatewayName == null) {
        // No name supplied: derive one from the (already validated) gateway IP.
        gatewayName = "VPN-" + gatewayIp;
    }

    String peerCidrs = cmd.getGuestCidrList();
    if (!NetUtils.isValidCidrList(peerCidrs)) {
        throw new InvalidParameterValueException("The customer gateway peer cidr list " + peerCidrs + " contains an invalid cidr!");
    }

    // NOTE(review): the pre-shared key goes into the entity exactly as received; no format or
    // strength check is visible in this method -- confirm it is validated before this call.
    String presharedKey = cmd.getIpsecPsk();
    String ikePolicy = cmd.getIkePolicy();
    String espPolicy = cmd.getEspPolicy();
    if (!NetUtils.isValidS2SVpnPolicy("ike", ikePolicy)) {
        throw new InvalidParameterValueException("The customer gateway IKE policy " + ikePolicy + " is invalid!  Verify the required Diffie Hellman (DH) group is specified.");
    }
    if (!NetUtils.isValidS2SVpnPolicy("esp", espPolicy)) {
        throw new InvalidParameterValueException("The customer gateway ESP policy " + espPolicy + " is invalid!");
    }

    // Lifetimes: only the upper bound of one day is checked in this method.
    Long ikeLifetime = cmd.getIkeLifetime();
    if (ikeLifetime == null) {
        ikeLifetime = secondsPerDay;
    }
    if (ikeLifetime > secondsPerDay) {
        throw new InvalidParameterValueException("The IKE lifetime " + ikeLifetime + " of vpn connection is invalid!");
    }
    Long espLifetime = cmd.getEspLifetime();
    if (espLifetime == null) {
        espLifetime = secondsPerHour;
    }
    if (espLifetime > secondsPerDay) {
        throw new InvalidParameterValueException("The ESP lifetime " + espLifetime + " of vpn connection is invalid!");
    }

    Boolean dpdEnabled = cmd.getDpd();
    if (dpdEnabled == null) {
        dpdEnabled = Boolean.FALSE;
    }
    Boolean encapEnabled = cmd.getEncap();
    if (encapEnabled == null) {
        encapEnabled = Boolean.FALSE;
    }

    // Uniqueness of IP and name is scoped to the owner's account.
    long ownerAccountId = owner.getAccountId();
    if (_customerGatewayDao.findByGatewayIpAndAccountId(gatewayIp, ownerAccountId) != null) {
        throw new InvalidParameterValueException("The customer gateway with ip " + gatewayIp + " already existed in the system!");
    }
    if (_customerGatewayDao.findByNameAndAccountId(gatewayName, ownerAccountId) != null) {
        throw new InvalidParameterValueException("The customer gateway with name " + gatewayName + " already existed!");
    }
    checkCustomerGatewayCidrList(peerCidrs);

    Site2SiteCustomerGatewayVO created = new Site2SiteCustomerGatewayVO(gatewayName, ownerAccountId, owner.getDomainId(), gatewayIp, peerCidrs, presharedKey, ikePolicy, espPolicy, ikeLifetime, espLifetime, dpdEnabled, encapEnabled);
    _customerGatewayDao.persist(created);
    return created;
}
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO) ActionEvent(com.cloud.event.ActionEvent)

Example 5 with Site2SiteCustomerGatewayVO

use of com.cloud.network.dao.Site2SiteCustomerGatewayVO in project cloudstack by apache.

the class Site2SiteVpnManagerImpl method deleteCustomerGatewayByAccount.

/**
 * Deletes every customer gateway listed for the given account.
 *
 * <p>No access check is made in this method; it acts on whatever {@code accountId} it is given.
 *
 * @param accountId id of the account whose customer gateways are removed
 * @return {@code true} only if {@code doDeleteCustomerGateway} returned {@code true} for every
 *         gateway (also {@code true} when the account has none)
 */
@Override
public boolean deleteCustomerGatewayByAccount(long accountId) {
    boolean allDeleted = true;
    for (Site2SiteCustomerGatewayVO gateway : _customerGatewayDao.listByAccountId(accountId)) {
        // Non-short-circuit AND: the delete call runs for every gateway even after an earlier failure.
        allDeleted &= doDeleteCustomerGateway(gateway);
    }
    return allDeleted;
}
Also used : Site2SiteCustomerGatewayVO(com.cloud.network.dao.Site2SiteCustomerGatewayVO)
